Protocol Pack Notes

Corporate Headquarters:

Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA

Copyright 2008 Cisco Systems, Inc. All rights reserved.

Cisco Service Control Application for Broadband Protocol Pack Notes

July, 2008 OL-8483-15

These protocol pack notes for the Cisco Service Control Application for Broadband (SCA BB) describe the content of the various protocol packs that are available at the Software Download page of the Cisco website.

Overview

Cisco SCA BB Protocol Pack Notes

2 OL-8483-15

Contents

OVERVIEW............................................................................................................................................................. 6

INSTALLATION...................................................................................................................................................... 6

SCA BB PROTOCOL PACK #14............................................................................................................................ 7 COMPATIBILITY INFORMATION................................................................................................................................ 7 PROTOCOL LIBRARY UPDATES................................................................................................................................ 7

New protocols..................................................................................................................................................... 7 Updated protocols .............................................................................................................................................. 7

RESOLVED CAVEATS ............................................................................................................................................... 8 KNOWN LIMITATIONS ............................................................................................................................................. 9 DSS CONTENT...................................................................................................................................................... 10 PROTOCOL SIGNATURE DETAILS........................................................................................................................... 11 MANUAL CONFIGURATION ................................................................................................................................... 11

SCA BB PROTOCOL PACK #13.......................................................................................................................... 12 COMPATIBILITY INFORMATION.............................................................................................................................. 12 PROTOCOL LIBRARY UPDATES.............................................................................................................................. 12

New protocols................................................................................................................................................... 12 Updated protocols ............................................................................................................................................ 12

RESOLVED CAVEATS ............................................................................................................................................. 13 KNOWN LIMITATIONS ........................................................................................................................................... 14 DSS CONTENT...................................................................................................................................................... 14 PROTOCOL SIGNATURE DETAILS........................................................................................................................... 15 MANUAL CONFIGURATION ................................................................................................................................... 15



RESOLVED CAVEATS ............................................................................................................................................. 18 KNOWN LIMITATIONS ........................................................................................................................................... 19 DSS CONTENT...................................................................................................................................................... 19 PROTOCOL SIGNATURE DETAILS........................................................................................................................... 20



RESOLVED CAVEATS ............................................................................................................................................. 21 KNOWN LIMITATIONS: .......................................................................................................................................... 23

Overview


OL-8483-15

3

DSS CONTENT...................................................................................................................................................... 23 PROTOCOL SIGNATURE DETAILS........................................................................................................................... 23 MANUAL CONFIGURATION.................................................................................................................................... 24

SCA BB PROTOCOL PACK #10.......................................................................................................................... 26 SCA BB 2.5.10 PROTOCOL PACK #10 ................................................................................................................... 26

Prerequisites..................................................................................................................................................... 26 What's new in the SCA BB 2.5.10 Protocol Pack #10 ....................................................................................... 26 Protocol Signature Details ............................................................................................................................... 28 Installation ....................................................................................................................................................... 28 Manual configuration....................................................................................................................................... 28

SCA BB 3.0.6 PROTOCOL PACK #10 ..................................................................................................................... 30 Prerequisites..................................................................................................................................................... 30 What's new in the SCA BB 3.0.6 Protocol Pack #10 ......................................................................................... 30 DSS Content ..................................................................................................................................................... 31 Protocol Signature Details ............................................................................................................................... 31 Installation ....................................................................................................................................................... 31



Prerequisites..................................................................................................................................................... 34 What's new in the SCA BB 2.5.10 Protocol Pack #09 ....................................................................................... 34 DSS Content ..................................................................................................................................................... 35 Protocol Signature Details ............................................................................................................................... 36 Installation ....................................................................................................................................................... 36 Manual configuration....................................................................................................................................... 36




Prerequisites..................................................................................................................................................... 42 What's new in the SCA BB 2.5.10 Protocol Pack #08 ....................................................................................... 42 DSS Content ..................................................................................................................................................... 43

Overview


4 OL-8483-15

Protocol Signature Details ............................................................................................................................... 44 Installation ....................................................................................................................................................... 44 Manual configuration....................................................................................................................................... 44




SCA BB 3.0.5A PROTOCOL PACK #07................................................................................................................... 52 Prerequisites..................................................................................................................................................... 52 What's new in the SCA BB 3.0.5A Protocol Pack #07....................................................................................... 52 DSS Content ..................................................................................................................................................... 53 Protocol Signature Details ............................................................................................................................... 53 Installation ....................................................................................................................................................... 53






SCA BB 3.0.3 PROTOCOL PACK #05 ..................................................................................................................... 66 Prerequisites..................................................................................................................................................... 66

Overview


OL-8483-15

5

What's new in the SCA BB 3.0.3 Protocol Pack #05 ......................................................................................... 66 DSS Content ..................................................................................................................................................... 67 Protocol Signature Details ............................................................................................................................... 68 Installation ....................................................................................................................................................... 68 Manual configuration....................................................................................................................................... 68

SCA BB PROTOCOL PACK #04.......................................................................................................................... 71 SCA BB 2.5.9 PROTOCOL PACK #04 ..................................................................................................................... 71

Prerequisites..................................................................................................................................................... 71 What's new in the SCA BB 2.5.9 Protocol Pack #04 ......................................................................................... 71

SCA BB 3.0.1 PROTOCOL PACK #04 ..................................................................................................................... 74 Prerequisites..................................................................................................................................................... 74 What's new in the SCA BB 3.0.1 Protocol Pack #04 ......................................................................................... 74

JANUARY 2006 PROTOCOL PACK (PROTOCOL PACK #03) ....................................................................... 77 JANUARY 2006 2.5.8 PROTOCOL PACK.................................................................................................................. 77

Prerequisites..................................................................................................................................................... 77 What's new in the January 2006 2.5.8 Protocol Pack ....................................................................................... 77

JANUARY 2006 3.0.0 PROTOCOL PACK.................................................................................................................. 79 Prerequisites..................................................................................................................................................... 79 What's new in the January 2006 3.0.0 Protocol Pack ....................................................................................... 79

NOVEMBER 2005 PROTOCOL PACK (PROTOCOL PACK #02)................................................................... 82 Prerequisites..................................................................................................................................................... 82 What's new in the November 2005 Protocol Pack............................................................................................. 82

SEPTEMBER 2005 PROTOCOL PACK (PROTOCOL PACK #01).................................................................. 85 What's new in the September 2005 Protocol Pack ............................................................................................ 85

OBTAINING DOCUMENTATION AND SUBMITTING A SERVICE REQUEST .......................................... 86

Overview


6 OL-8483-15

Overview Cisco protocol packs include new and improved protocol signatures for SCA BB. A typical signature update is a file containing signatures for detecting traffic of network worms, popular peer-to-peer applications, and other interesting protocols. When loaded into the SCE platform, these signatures improve classification abilities of SCA BB, with minimal or zero SCE platform service downtime.

The protocol pack files are available for Cisco partners and customers for download from the Software Download page of the Cisco website.

Cisco offers an e-mail notification service that notifies customers and partners each time a new protocol pack becomes available for download. To register for this service, please contact the relevant Cisco account team.

Note The format of these Protocol Pack Notes has been changed starting from PP#11. Instead of a separate PP description for each platform, there is a single section describing all the enhancements. If an enhancement is not applicable to all platforms, the description will contain a note listing the relevant platforms.

The purpose of this change is to avoid data duplication and improve document readability.

Installation Installation of the SCA BB Protocol Pack #14 involves a replacement of the SCE platform application. This is done automatically as part of the SPQI installation using hitless upgrade mechanism. For more detailed information see Release Notes for Cisco Service Control Application for Broadband (SCA BB), located at http://www.cisco.com/en/US/products/ps6135/prod_release_notes_list.html

For further information regarding the installation or distribution process, please use the Cisco SCA BB Protocol Signatures Distribution User Guide Supplement, which is available on www.cisco.com at the same directory as the current document.

SCA BB Protocol Pack #14


OL-8483-15

7


Compatibility Information The SCA BB Protocol Pack #14 can be installed on an SCE 1000, SCE 2000, or SCE8000 platform on which one of the following versions of SCA BB has already been installed.

This Protocol Pack can be installed on top of the following platforms,

SCA BB Release 3.0.6





SCA BB Release 3.1.6S

Protocol Library Updates

New protocols BabelGum - IPTV.

RTMP – Streaming (including Hulu, BBC iPlayer and Yahoo).

Ventrilo - VoIP.

TeamSpeak – VoIP.

Updated protocols Bittorrent – Azureus Vuze client version 3.0.5 support was added.

eMule – updated support to client version 0.49a.

PPLive – Support enhanced and updated to client version 1.9.35.

BBC iPlayer – Support enhanced.

MySpace Flash – Support enhanced

Second Life - Support enhanced.

SSL multipacket protocols - Support enhanced

Bittorrent – uTorrent, Deluge and Azureus - Support enhanced



8 OL-8483-15

TFTP – support enhanced.

Flash – support enhanced.

Resolved Caveats MySpace Flash is misclassified as Flash

CSCsq83081. When browsing MySpace, it is sometimes classified as 'Flash' rather than 'Flash MySpace'.

Lineage gaming is misclassified as BitTorrent Encrypted

CSCsq26609 Lineage gaming is misclassified as Bittorrent Encrypted.

mDNS is misclassified as Second Life

CSCsq83045 Multicast DNS is classified as Second Life.

SSL-VPN traffic might be misclassified to MS Push Mail

CSCsq66448 HTTPS traffic is misclassified to MS Push Mail in addition to SSL-VPN traffic.

PPLive is misclassified to several protocols

CSCsq09521 PPLive is misclassified to other protocols due to lack of support for client version 1.9.35.

PPLive Protocol signature should be revised due to misclassifications

CSCsm95034 EVE online gaming and VGaurd Video surveillance are misclassified to PPLive.

eMule misclassified to Behavioral Upload / Download

CSCso89456 In certain scenarios when HBC is disabled and eMule is set to an obfuscated mode, most of the traffic is misclassified to Behavioral Upload / Download and only 15 - 20% is classified to eMule.



OL-8483-15

9

BBC iPLayer missclassified to Behavioral Upload / Download

CSCso75547 BBC iPLayer is misclassified to Behavioral Upload / Download.

TFTP - Write request misclassified to Generic UDP.

CSCso30107 TFTP - Write request is misclassified to Generic UDP.

Yahoo messenger misclassified to SSL

CSCso17765 Yahoo messenger is misclassified to SSL.

Known Limitations

Installing the Protocol Pack upon 3.1.5 platform requires manual configuration

CSCsm06607

The installation of Protocol Pack #14 upon 3.1.5 requires manual configuration in order to support all the Protocol Pack #14 features. Refer to the following procedure.

Step 1. Extract the .SPQI file from the 3.1.5 Protocol Pack #14 ZIP package and install the Protocol Pack as usual using SCA-BB.

Step 2. Extract the script.txt file from the 3.1.5 Protocol Pack #14 ZIP package and upload to the SCE platform using FTP.

Step 3. Open a CLI session in the SCE platform and navigate to the directory where the uploaded script.txt resides and execute the following CLI command:

script run script.txt.

Some P2P traffic might be misclassfied as Generic TCP on SCA BB Releases 3.1.0 and 3.1.1 with Protocol-Packs #12 and above

CSCsr20314

Protocol Packs #12 and above installed on top of SCA-BB Release 3.1.0 or SCA-BB Release 3.1.1 may cause to some P2P traffic to be misclassified.

Following are the protocols that can be misclassified: Manolito, Neonet, Direct_Connect, PPStream, Winny, Share.



10 OL-8483-15

Workaround: Configure the SCE platform by executing the following command sequence: enable 15 configure Interface linecard 0 lookup GT_LUT_HBC_SOCKET_BASED_PROTOCOLS remove-key 118030336 lookup GT_LUT_HBC_SOCKET_BASED_PROTOCOLS remove-key 118620160 lookup GT_LUT_HBC_SOCKET_BASED_PROTOCOLS remove-key 117899264 lookup GT_LUT_HBC_SOCKET_BASED_PROTOCOLS remove-key 118816768 lookup GT_LUT_HBC_SOCKET_BASED_PROTOCOLS remove-key 117702656 lookup GT_LUT_HBC_SOCKET_BASED_PROTOCOLS remove-key 118292480 exit exit copy running-config-application startup-config-application

BitTorrent Azureus might be misclassified on block

CSCsq04726 Azureus might not be completely blocked and might be misclassified to Generic TCP / UDP in certain scenarios enforcing BLOCK mode.

BitTorrent Azureus might be misclassified to Generic TCP

CSCso84926 BT Azureus might be misclassified to Generic TCP when the client is working in encrypted mode.

Webthunder protocol signature might change after Protocol Pack upgrade and might be misclassified to Generic traffic

CSCso55461 Upon upgrading from Protocol Pack #11 to Protocol Pack #12 , #13 or #14, WebThunder protocol signature might change, and thus be misclassified to Generic traffic.

Workaround:

Delete default DSS.

Retrieve the service configuration from the SCE.

Apply the service configuration to the SCE.

DSS Content

Note The DSS included in the SPQI file is automatically applied to the active PQB file when the SPQI is installed on the SCE platform.

The SUS script contains no DSS-based signatures and is only provided to expose the new signature IDs to the application.



OL-8483-15

11

Protocol Signature Details

Note For a complete list of supported protocols, please refer to the protocol support reference guide located at http://www.cisco.com/cgi-bin/tablebuild.pl/sca-ps.

The following table contains protocol IDs for the protocols that were added or enhanced in Protocol Pack #14. These IDs appear in the PROTOCOL_ID field of RDRs that are generated for these protocols.

New/Enhanced Protocols in SCA BB Protocol Pack #14

Protocol Name Protocol ID Comment Buddy Protocol Default Service

BabelGum 1066 P2P TV Joost P2P

RTMP 1067 Streaming Flash Streaming

HULU 1068 Internet Video Flash Streaming

Ventrilo 1069 VoIP Fring VoIP VoIP

TeamSpeak 1070 VoIP Fring VoIP VoIP

BBC iPlayer over RTMP 1071 Streaming BBC iPlayer P2P

Manual Configuration The manual configuration should be performed after the PP installation has been completed (according to the procedure described in the Cisco Service Control Application for Broadband User Guide).

To perform any required manual configuration, complete the following steps:

Step 1. Retrieve the PQB file from the SCE platform.

Step 2. Perform the necessary changes according to instructions below.

Step 3. Apply the modified PQB file.

http://www.cisco.com/cgi-bin/tablebuild.pl/sca-ps�



12 OL-8483-15


Compatibility Information The SCA BB Protocol Pack #13 can be installed on an SCE 1000 or SCE 2000 platform on which one of these versions of SCA BB has already been installed.


3.0.6

3.1.0

3.1.1

3.1.5


New protocols Behavioral VoIP – General VoIP recognition.

Angle Media – P2P TV provider.

SopCast – P2P media provider.

Tor – Virtual Private Network.

Updated protocols Bittorrent – uTorrent client support updated to support version 1.8 alpha.

Bittorrent – BitComet client support updated to support version V0.99.

Skype – Support enhanced for Voice, IN and OUT activities.

BBBRoadcast – Support enhanced.

RTP – Support enhanced



OL-8483-15

13

Resolved Caveats YouTube videos are misclassified as Flash

CSCsl96818 Specific YouTube videos are classified as Flash rather than Flash YouTube.

SMTP misclassified to FTP

CSCsl98416 SMTP may be misclassified to FTP.

SCE sends illegal Radius RDR

CSCsl98389 SCE platform sends RADIUS RDR with no Acct-Status-Type attribute.

Wrong video file extension is used for classification.

CSCsm15090 Some video over HTTP traffic may be misclassified due to wrong file extension usage.

PPTP traffic is misclassified as Generic Non-Established TCP.

CSCsl93375 PPTP traffic must be classified by a Signature.

MSN Messenger misclassified to Generic.

CSCsl85317 MSN messenger misclassified to Generic TCP in video and voice conference.

MSN Messenger - Voice conference can not be blocked.

CSCsl99223 MSN Messenger - Voice via Relay server can not be blocked



14 OL-8483-15

Known Limitations

Installing the Protocol Pack upon 3.1.5 platform requires manual configuration.

CSCsm06607 The installation of Protocol Pack #13 upon 3.1.5 requires manual configuration in order to support all the Protocol Pack #13 features. Please refer to the following procedure.





DSS Content





OL-8483-15

15


Note For a complete list of supported protocols, please refer to the protocol support reference guide located at http://www.cisco.com/cgi-bin/tablebuild.pl/sca-ps.



Protocol Name Protocol ID

Comment Buddy Protocol Default Service

Behavioral VoIP 1062 General VoIP RTP VoIP

Angle Media 1063 P2P TV PPLive P2P

SopCast 1064 P2P TV PPLive P2P

Tor 1065 VPN Freenet P2P

Manual Configuration The manual configuration should be performed after the PP installation has been completed (according to the procedure described in the Cisco Service Control Application for Broadband User Guide).







16 OL-8483-15

Nico Nico Douga special configuration instructions:

Step 1. Create the Nico Nico Douga flavors

a. From the Configuration drop-down menu, select Flavors.

The Flavors Editing Dialog window opens.

b. Create a new flavor of the type HTTP URL; for example "Nico Nico Douga".

c. Add a parameter to this flavor with Host Suffix value of "*.nicovideo.jp" and Path Prefix value of "/smile*" (case sensitive). Leave all other fields as "*".

Step 2. Create the Nico Nico Douga service:

Open the Services tab and create a new service called "Nico Nico Douga" under Streaming (or other desired group).

Step 3. Create the Nico Nico Douga service element:

Edit the newly created service element by filling the following values in the Create Service element dialog window (fields that are not listed below should stay unchanged):

Service: 'Nico Nico Douga'

Protocol: 'HTTP Browsing'

Flavor: 'Nico Nico Douga'



OL-8483-15

17


Compatibility Information The SCA BB Protocol Pack #12 can be installed on an SCE 1000 or SCE 2000 platform on which one of the versions of SCA BB has already been installed.


3.0.6

3.1.0

3.1.1

3.1.5

3.1.5LA


New protocols BBBroadcast – Video streaming.

PacketiX – Virtual Private Network.

Second Life – Virtual reality with P2P functions.

Vivox – Online gaming VoIP protocol.

Updated protocols Bittorrent – Deluge Bit torrent V0.5.6 client support added.

Bittorrent – Azureus client support updated to support version 3.0.3.

Gnutella – Limewire client support updated to support version V4.14.12

MSN Messenger – Support enhanced.

Google Talk – Support enhanced.

CU World – Support updated to support version 0.92b2.



18 OL-8483-15

Resolved Caveats Bundle error due to illegal destination port

CSCsi21093 Error in output log file when illegal bind info appears in IRC traffic.

POP3 misclassification

CSCsl20455 POP3 may be classified as Generic TCP.

Legitimate HTTP is misclassified as Behavioral-P2P.

CSCsl78566 Behavioral P2P mechanism causes misclassifications.

This issue is not relevant for 3.0.6 platform.

WebThunder misclassification

CSCsl11500 WebThunder misclassification (New signature should be developed).

Misclassification of gaming to Winny

CSCsl45174 Online gaming traffic is misclassified as Winny.

Nintendo misclassification

CSCsl27582 Nintendo DS WiFi might be misclassified as Manolito.

SSL flows misclassification.

CSCsl83338 Some SSL TLS 1.0 flows are misclassified as Nodezilla.



OL-8483-15

19

Known Limitations

Installing the Protocol Pack upon 3.1.5 platform requires manual configuration.

CSCsm06607 The installation of Protocol Pack #12 upon 3.1.5 requires manual configuration in order to support all the Protocol Pack #12 features. Please refer to the following procedure.





MSN Messenger voice conference classification is not fully supported.

CSCsl85317, CSCsl99223 In certain network topologies, such as multiple NATs/PATs, MSN voice sessions generate traffic that is not classified correctly.

DSS Content





20 OL-8483-15


Note For complete list of supported protocols please refer to the protocol support reference guide located at http://www.cisco.com/cgi-bin/tablebuild.pl/sca-ps.





BBBroadcast 1058 P2P TV protocol TVAnts P2P

PacketiX 1059 VPN Freenet P2P

Second Life 1060 Online gaming Yahoo Games

Vivox 1061 Online gaming VoIP protocol ICQ VoIP



OL-8483-15

21


Compatibility Information The SCA BB Protocol Pack #11 can be installed on an SCE 1000 or SCE 2000 platform on which one of the versions of SCA BB has already been installed.


3.0.6

3.1.0

3.1.1


New protocols Gyao – Video streaming.

My Jabber – Instant messaging Jabber client.

BBC iPlayer – P2P video.

WebThunder – P2P protocol with web interface.

Updated protocols Poco – Classification in split flow mode enhanced.

Flash/video/audio/binary over HTTP – Classification enhanced.

Skype – Classification updated to support Skype 3.5.

Warez – Classification updated to support Ares 2.0.9 client.

Resolved Caveats Some P2P protocols are misclassified as behavioral P2P.

CSCsk51763 If some traffic generated by a P2P client is classified as B.P2P, it causes all the traffic of that client to be mapped to B.P2P.

This issue is relevant for 3.1.0 and 3.1.1 platforms only



22 OL-8483-15

Winny2 traffic is misclassified as Generic TCP.

CSCsj14472 Encrypted traffic of Winny2 is misclassified.

NOTE: Resolved for 3.1.1 platform only.

Blackberry misclassification

CSCsj58100 Blackberry traffic is classified as Skype.

SIP misclassification.

CSCsj99194 Some SIP flows have preemptive packet that is not recognized as SIP.

SIP – "PRACK" method is not recognized.

CSCsk61759 "PRACK" SIP method is not recognized and thus some SIP flows are mapped to Generic UDP.

PL RTSP bind causing lots of warning messages in the debug log.

CSCsk69072 PL tries to re-bind flows that it already requested a bind for.

YouTube Flash flows misclassification.

CSCsk17816 Some YouTube videos are classified as Flash instead of Flash YouTube.

HTTP and HTTPS traffic misclassified as Winny2.

CSCsk88129 HTTP & HTTPS half-closed flows leftovers are misclassified as Winny2.

Google Earth is misclassified.

CSCsk86079 Misclassifications of Google Earth to "HTTP port" and to "HTTP Browsing" were observed.



OL-8483-15

23

Known Limitations:

Possible misclassification – Kontiki

CSCsk92699 Several clients (BBC-iPlayer/4oD/Sky) use the same underlying protocol - Kontiki. '4oD' and

'Sky' clients are not distinguished and will be mapped to Kontiki.

DSS Content


The SUS script contains no DSS based signatures and is only provided to expose the new signature IDs to the application.


Note For complete list of supported protocols please refer to the protocol support reference guide located at http://www.cisco.com/cgi-bin/tablebuild.pl/sca-ps.





WebThunder 1055 P2P file sharing accelerator Napster P2P

MyJabber 1056 Instant messaging client ICQ

BBC iPlayer 1057 P2P TV streaming TVAnts P2P



24 OL-8483-15

Manual Configuration The manual configuration should be performed after the PP installation has been completed (according to the procedure described in the Cisco Service Control Application for Broadband User Guide)





Gyao special configuration instructions:

Step 1. Create the Gyao flavors

d. From the 'Configuration' drop-down menu, select 'Flavors'.

The 'Flavors Editing Dialog' window opens.

e. Create the two new flavors:

A flavor of type 'RTSP Host Name'; for example "Gyao over RTSP".

Add a parameter to this flavor with a 'Host Suffix' value of "*gyao.jp" (case sensitive)

Hit 'Accept' when finished.

A flavor of type 'HTTP URL'; for example "Gyao over HTTP".

Add a parameter to this flavor with a 'Host Suffix' value of "*gyao.jp" (case sensitive). Leave all other fields as "*".

Step 2. Create the Gyao service:

Open the 'Services' tab and create a new service called "Gyao" under 'Streaming' (or other desired group).

Step 3. Create the Gyao service elements:

Create two new service elements by filling the following values in the 'Create Service element' dialog window (fields that are not listed below should stay unchanged):

Service element #1:

Service: 'Gyao'

Protocol: 'RTSP Streaming'

Flavor: 'Gyao over RTSP'

Service element #2:

Service: 'Gyao'



OL-8483-15

25

Protocol: 'HTTP Browsing'

Flavor: 'Gyao over HTTP'



26 OL-8483-15

SCA BB Protocol Pack #10 The SCA BB Protocol Pack #10 contains the following three protocol packs:

SCA BB 2.5.10 Protocol Pack #10



Refer to the relevant section for your SCA BB version.

Upgrading release 2.5.10, 3.0.6, or 3.1.0 with Protocol Pack #10 in a network where the newly supported protocols are relatively common has little performance impact. In a network where the majority of the newly supported protocols are not common, performance might drop, depending on the traffic mix and control policy.

Note Special configuration instructions were added with this Protocol Pack release. Refer to the installation section for your SCA BB version:

Installation— SCA BB 2.5.10 Protocol Pack #10 Installation— SCA BB 3.0.6 Protocol Pack #10 Installation— SCA BB 3.1.0 Protocol Pack #10


Prerequisites The SCA BB 2.5.10 Protocol Pack #10 can be installed on an SCE 1000 or SCE 2000 platform on which SCA BB 2.5.10 has already been installed.

What's new in the SCA BB 2.5.10 Protocol Pack #10

Note The SCA BB 2.5.10 Protocol Pack #10 for SCA BB 2.5.10 can be installed ONLY on the SCA BB 2.5.10 release.

This Protocol Pack includes support for the following new protocols over SCA BB 2.5.10:

Pando – P2P file sharing.

KuGoo - P2P music file sharing.

Fring – IM client for mobile phone.



OL-8483-15

27

This Protocol Pack includes updates for the following protocols over SCA BB 2.5.10:

eMule – updated to support v0.48 (CSCsj48543).

ICQ – voice recognition enhanced (CSCsi96940).

PPStream – updated to support the latest (v2.0) version (CSCsj76001).

Yahoo Messenger – updated to support v8.1.0 (CSCsi96962).

Gnutella – support enhanced (CSCsi52884).

Skype – misclassifications resolved (CSCsj14278, CSCsj43543).

PPLive – support enhanced (CSCsj53023, CSCsj75652).

Vonage – support enhanced (CSCsh84903).

The SCA BB 2.5.10 Protocol Pack #10 for SCA BB 2.5.10 includes the following two spqi files:

SCABB_2510PP10_SUSAP.spqi: designated for the Asia Pacific region

SCABB_2510PP10_SUS.spqi: designated for all other regions

SCA-BB 2.5.10 Protocol Pack #10 limitations and caveats

Skype and Joost classification accuracy – since most likely these two protocols share the same underlying protocol suite, Joost flows may be misclassified as Skype. In cases where home users use both of these protocols simultaneously, deviation may reach 100%, i.e. – Joost would be classified as Skype (CSCsi87050).

Note The DSS included in the SPQI file is automatically applied to the active PQB file when the SPQI is installed on the SCE platform. The DSS file is required in order to assign protocol IDs to new protocols.

The SCA BB 2.5.10 Protocol Pack 10 includes the following legacy DSS-based signatures:


The SUSAP script contains following DSS-based signatures for Korean protocols:

Kuro

Guruguru

V-share

Soribada



28 OL-8483-15

Protocol Signature Details The following table contains protocol IDs for the protocols that were added or enhanced in this protocol pack. These IDs appear in the PROTOCOL_ID field of RDRs that are generated for these protocols.

The SCA BB 2.5.10 Protocol Pack #10 includes the following new/enhanced interfaces:

New/Enhanced Protocols in SCA BB 2.5.10 Protocol Pack #10



Pando 99 File sharing Napster P2P

Kugoo 100 P2P music file sharing DirectConnect P2P

Fring 101 IM mobile phone client Yahoo Messenger Instant Messaging

Installation Installation of the SCA BB 2.5.10 Protocol Pack #10 involves a replacement of the SCE platform application. This is done automatically as part of the SPQI installation. It should be noted that some service downtime is expected, similar to that of an SCE platform application upgrade. This is due to the closing of all active flow contexts and reclassification of all traffic with the new version.

Manual configuration The manual configuration should be performed after the PP installation has been completed (according to the procedure described in the Cisco Service Control Application for Broadband User Guide)





GoogleEarth special configuration instructions:

Using the SCA BB console, manually assign the protocol 'GoogleEarth' to the 'HTTP' Service.



OL-8483-15

29

ICQ VoIP special configuration instructions:

Although 2.5.10-Protocol Pack #10 correctly classifies 'ICQ VoIP' traffic as SIP, the following additional manual configuration change is required:

Using the Protocols dialog of the SCA BB console, add UDP port 5190 to the SIP protocol.

For further information regarding the installation or distribution process, please use the Cisco SCA BB Protocol Signatures Distribution User Guide Supplement, which is available on CCO at the same directory as the current document.

Video/Audio/Binary over HTTP special configuration instructions:

Using the SCA BB console, manually assign the protocols 'Video over HTTP', 'Audio over HTTP' and 'Binary over HTTP’ to the 'HTTP' Service.



30 OL-8483-15












PPStream – updated to support v2.0 (CSCsj76001).






The SCA BB 3.0.6 Protocol Pack #10 for SCA BB 3.0.6 includes the following spqi file:

SCABB_306PP10_SUS.spqi: designated for all regions



OL-8483-15

31



DSS Content


The SCA BB 3.0.6 Protocol Pack #10 includes the following legacy DSS based signatures:









ICQ Voice 1051 IM voice ICQ VoIP VoIP


Installation Installation of the SCA BB 3.0.6 Protocol Pack #10 involves a replacement of the SCE platform application. This is done automatically as part of the SPQI installation using hitless upgrade mechanism. For more detailed information see Release Notes for Cisco Service Control Application for Broadband (SCA BB)




32 OL-8483-15












PPStream – updated to support v2.0 (CSCsj76001).










OL-8483-15

33



DSS Content











ICQ Voice 1051 IM voice ICQ VoIP VoIP






34 OL-8483-15

SCA BB Protocol Pack #09 The SCA BB Protocol Pack #09 contains the following three protocol packs:





Upgrading release 2.5.10, 3.0.6, or 3.1.0 with Protocol Pack #09 in a network where the newly supported protocols are relatively common has little performance impact. In a network where the majority of the newly supported protocols are not common, performance might drop, depending on the traffic mix and control policy.


Installation— SCA BB 2.5.10 Protocol Pack #09 Installation— SCA BB 3.0.6 Protocol Pack #09 Installation— SCA BB 3.1.0 Protocol Pack #09






Zattoo – P2P TV protocol

Sony Location Free – TV broadcast streaming protocol

Joost – P2P TV protocol.



OL-8483-15

35

Microsoft Push Mail – E-mail support for PDA/Smartphone

Windows Live Messenger (MSN) v8.1.


PPLive – 1.6.19 classification enhanced (CSCsi25885).

Poco – update to support 2007 beta version (CSCsi87040).

RTSP - Redirect: redirect of RTSP and Streaming does not work - defect resolved (CSCsi55101).






2.5.10 with Protocol Pack #09 introduces an additional protocol ID for MSN Messenger called Windows Live Messenger

DSS Content





Kuro

Guruguru

V-share

Soribada



36 OL-8483-15






Joost 96 P2P TV MMS P2P

MS Push Mail 98 E-mail to PDA SMTP E-Mail

Sony Location Free 95 TV broadcast MMS P2P

Windows Live Messenger 97 Instant messaging Yahoo Messenger Instant

Messaging

Zattoo 94 P2P TV MMS P2P











OL-8483-15

37









38 OL-8483-15














SIP - SIP fails to bundle RTP flow when the connection information of the WAN IP to bundle appears only in the SDP "Ringing" status – defect resolved (CSCsi25885)

RTSP - Redirect: redirect of RTSP and Streaming does not work - defect resolved (CSCsi55101).

SMTP - Certain Non Standard SMTP sessions may not be classified correctly, defect resolved (CSCsi87468).





OL-8483-15

39



DSS Content









Joost 1046 P2P TV TVAnts P2P


Sony Location Free 1045 TV broadcast TVAnts P2P


Messaging

Zattoo 1047 P2P TV TVAnts P2P




40 OL-8483-15















SMTP - Certain Non Standard SMTP sessions may not be classified correctly, defect resolved (CSCsi87468).







OL-8483-15

41

DSS Content









Joost 1046 P2P TV TVAnts P2P


Sony Location Free 1045 TV broadcast TVAnts P2P


Messaging

Zattoo 1047 P2P TV TVAnts P2P





42 OL-8483-15

SCA BB Protocol Pack #08 The SCA BB Protocol Pack #08 contains the following two protocol packs:




Upgrading release 2.5.10 or 3.0.6 with Protocol Pack #08 in a network where the newly supported protocols are relatively common has little performance impact. In a network where the majority of the newly supported protocols are not common, performance might drop, depending on the traffic mix and control policy.


Installation— SCA BB 2.5.10 Protocol Pack #08 Installation— SCA BB 3.0.6 Protocol Pack #08






Club Box – file sharing protocol

Baidu Movie – media sharing protocol

Feidian – TV Streaming protocol

Google Talk – IM protocol



OL-8483-15

43

Audio over HTTP – audio download on HTTP protocol

Binary over HTTP – binary download on HTTP protocol

Video over HTTP – video download on HTTP protocol


PPLive – 1.6.19 version update.

Skype – 3.0 version update

NTPv2 is mis-classified as Skype – defect resolved (CSCsh90616)





Thunder FTP flows are not recognized as Thunder (CSCsh24316).

Ares 1.9.9 version is not fully supported, not all Ares flows are recognized (CSCsg13333).

DSS Content





Kuro

Guruguru

V-share

Soribada



44 OL-8483-15






Audio over HTTP 68 Download over HTTP

Baidu Movie 77 Media download Napster Commercial file sharing

Binary over HTTP 70 Download over HTTP

Club Box 92 File share iTunes Commercial file sharing

Feidian 91 P2P, TV streaming. DirectConnect P2P

Google Talk 93 IM Yahoo Messenger Instant messaging

Video over HTTP 65 Download over HTTP









OL-8483-15

45











46 OL-8483-15






Club Box – file sharing protocol

Baidu Movie – media sharing protocol

Feidian – TV Streaming protocol

Google Talk – IM protocol

Audio over HTTP – audio download on HTTP protocol

Binary over HTTP – binary download on HTTP protocol

Video over HTTP – video download on HTTP protocol


PPLive – 1.6.19 version update.

Skype – 3.0 version update

Redirect not working immediately when trying same URL again - defect resolved (CSCsh74572)

NTPv2 is mis-classified as Skype – defect resolved (CSCsh90616)








OL-8483-15

47

DSS Content









Audio over HTTP 1041 Download over HTTP HTTP Browsing HTTP

Baidu Movie 1043 Media download Napster Commercial file sharing

Binary over HTTP 1042 Download over HTTP HTTP Browsing HTTP

Club Box 1038 File share iTunes Commercial file sharing

Feidian 1037 P2P, TV streaming. TVAnts P2P

Google Talk 1030 IM ICQ Instant messaging

Video over HTTP 1040 Download over HTTP HTTP Browsing HTTP





48 OL-8483-15



SCA BB 3.0.5A Protocol Pack #07


Upgrading release 2.5.10 or 3.0.5A with Protocol Pack #07 in a network where the newly supported protocols are relatively common has little performance impact. In a network where the majority of the newly supported protocols are not common, performance might drop, depending on the traffic mix and control policy.


Installation— SCA BB 2.5.10 Protocol Pack #07 Installation— SCA BB 3.0.5A Protocol Pack #07






QQ-Live – TV Streaming protocol

Flash – Support for Flash based video streaming, including unique signatures for the top three sites: ‘YouTube’, ‘MySpace’, ‘Yahoo!’

Entropy – Freenet client



OL-8483-15

49


QQ – 2006 version.

Thunder – Enhanced Thunder signature to support HTTP download

Skype 2.5 - In/Out/Cast services

Poco – 2006 version

Yahoo VOIP other behaviors (CSCsd53602)

GIVE handshake protocols: PeerEnabler, Edonkey and Kazaa (CSCsg22708_CSCsg67059)

Warez-Ares 1.9.9 TCP download/upload recognition improved (CSCsf29301)







DSS Content





Kuro

Guruguru

V-share

Soribada



50 OL-8483-15






Entropy 85 P2P File sharing, FreeNet client.

DirectConnect P2P

QQ-Live 86 P2P, TV streaming. DirectConnect P2P

Flash 87 Flash video streaming MMS MMS

Flash YouTube 88 YouTube Video streaming MMS MMS

Flash MySpace 89 MySpace Video streaming MMS MMS

Flash Yahoo 90 Yahoo! Video streaming MMS MMS

Thunder 50 Download accelerator DirectConnect P2P









OL-8483-15

51









52 OL-8483-15

SCA BB 3.0.5A Protocol Pack #07

Prerequisites The SCA BB 3.0.5A Protocol Pack #07 can be installed on an SCE 1000 or SCE 2000 platform on which SCA BB 3.0.5A has already been installed.

What's new in the SCA BB 3.0.5A Protocol Pack #07

Note The SCA BB 3.0.5A Protocol Pack #07 for SCA BB 3.0.5A can be installed ONLY on the SCA BB 3.0.5A release.

This Protocol Pack includes support for the following new protocols over SCA BB 3.0.5A:

QQ-Live – TV Streaming protocol

Flash – Support for Flash based video streaming, including unique signatures for the top three sites: ‘YouTube’, ‘MySpace’, ‘Yahoo!’

This Protocol Pack includes updates for the following protocols over SCA BB 3.0.5A:

QQ – 2006 version

Thunder – Enhanced Thunder signature to support HTTP download

Skype 2.5 - In/Out/Cast services

Poco – 2006 version

Yahoo VOIP other behaviors (CSCsd53602)

GIVE handshake protocols: PeerEnabler, Edonkey and Kazaa (CSCsg22708_CSCsg67059)

Warez-Ares 1.9.9 TCP download/upload recognition improved (CSCsf29301)

The SCA BB 3.0.5A Protocol Pack #07 for SCA BB 3.0.5A includes the following spqi file:


SCA-BB 3.0.5A Protocol Pack #07 limitations and caveats



Protocol Pack #07 can be installed upon 3.0.5A only.



OL-8483-15

53

DSS Content


The SCA BB 3.0.5A Protocol Pack #07 includes the following legacy DSS based signatures:



The SCA BB 3.0.5A Protocol Pack #07 includes the following new/enhanced interfaces:

New/Enhanced Protocols in SCA BB 3.0.5A Protocol Pack #07



QQ-Live 1032 P2P, TV streaming DirectConnect P2P

Flash 1033 Flash video streaming HTTP Browsing HTTP

Flash YouTube 1034 YouTube Video streaming HTTP Browsing HTTP

Flash MySpace 1035 MySpace Video streaming HTTP Browsing HTTP

Flash Yahoo 1036 Yahoo! Video streaming HTTP Browsing HTTP

Thunder 50 Download accelerator DirectConnect P2P

Installation Installation of the SCA BB 3.0.5A Protocol Pack #07 involves a replacement of the SCE platform application. This is done automatically as part of the SPQI installation using hitless upgrade mechanism. For more detailed information see Release Notes for Cisco Service Control Application for Broadband (SCA BB)




54 OL-8483-15





Upgrading release 2.5.10 or 3.0.4 with Protocol Pack #06 in a network where the newly supported protocols are relatively common has little performance impact. In a network where the majority of the newly supported protocols are not common, performance might drop, depending on the traffic mix and control policy.


Installation — SCA BB 2.5.10 Protocol Pack #06 Installation— SCA BB 3.0.4 Protocol Pack #06






TVAnts – TV and Video Streaming protocol

Freenet – P2P protocol

Primus/Lingo – VoIP service protocol

DHT – distributed hash table, used by P2P applications

EmuleEncrypted – eMule 0.47 with protocol obfuscation



OL-8483-15

55


Skype – update signature to support version 2.5

ARES – update Wares signature to support ARES 192 version

FLYFF game misclassified as P2P (CSCse79503)

Manolito may potentially cause misclassifications (CSCse94748)

MGCP bundle problem - related to MGCP transaction-id (CSCse99652)

ICQ SIP – consecutive calls are not properly bundled (CSCse99641)

SMTP – CLRFs in RDRs where they are not allowed/expected (CSCsd61859)

eMule – classified eMule HTTP based traffic relying on X-Network field in HTTP header instead of user-agent field (CSCsg10743)

HTTP 0.9 – HTTP 1.0/1.1 packets starting with 'GET' and not recognized as P2P will never be reported (CSCsd17487)

Bittorent – added support for uTorrent 1.6 client (CSCsg10738)

FTP – too many bundled flows data cause errors to be written to the log (CSCsg53122)





Ares 192 version is not fully supported (not all Ares flows are recognized).

Primus: Lingo service is classified as SIP.

DSS Content


The SCA BB 2.5.10 Protocol Pack 06 includes the following legacy DSS based signatures:


The SUSAP script contains following DSS based signatures for Korean protocols:

Kuro



56 OL-8483-15

Guruguru

V-share

Soribada






TVAnts 81 TV video streaming MMS Streaming

FreeNet 82 P2P File sharing DirectConnect P2P

DHT 83 Distributed tracker used in p2p applications

DirectConnect P2P

SIP 10 Primus-Lingo VoIP added and mapped to SIP

EmuleEncrypted 84 emule 0.47 with protocol obfuscation

eDonkey P2P


Manual configuration The manual configuration should be performed after the PP installation has been completed (according to the procedure described in the Cisco SCA BB User Guide)


Step 1. Retrieve the PQB file from the SCE platform

Step 2. Perform the necessary changes according to instructions below

Step 3. Apply the modified PQB file



OL-8483-15

57









58 OL-8483-15






TVAnts – TV and Video Streaming protocol

Freenet – P2P protocol

Primus/Lingo – VoIP service protocol

DHT – Distributed hash table which is used by many P2P applications.

eMule 0.47 – emule with protocol obfuscation


Skype – update signature to support version 2.5

ARES – update Wares signature to support ARES 192 version

FLYFF game misclassified as P2P (CSCse79503)

Manolito may potentially cause misclassifications (CSCse94748)

MGCP bundle problem - related to MGCP transaction-id (CSCse99652)

ICQ SIP – consecutive calls are not properly bundled (CSCse99641)

SMTP – CLRFs in RDRs where they are not allowed/expected (CSCsd61859)

eMule – classified eMule HTTP based traffic relying on X-Network field in HTTP header instead of user-agent field (CSCsg10743)

Bittorent – added support for uTorrent 1.6 client (CSCsg10738)

HTTP 0.9 – HTTP 1.0/1.1 packets starting with 'GET' and not recognized as P2P will never be reported (CSCsd17487)

HTTP 0.9 – the aging time for HTTP-like flows that are mapped to generic is not set (CSCsg48851)



OL-8483-15

59



Note Beginning with 3.0.4 Protocol Pack #06, there is no separate package for APAC region (SUSAP). SCABB_304PP06_SUSAP.spqi is no longer required as APAC-specific protocols have become a part of the application functionality. Enabling APAC specific protocols can be done through the 3.0.4 SCA BB Console (Advanced Service Configuration Options GUI). Assuming that APAC users already have a 3.0.4 PQB deployed with the proper settings, installing PP #06 will preserve these settings. For detailed instructions how to enable APAC specific protocols, see SCA BB 3.0.4 Release Notes.


Ares 192 version is not fully supported (not all Ares flows are recognized).

The update of SCA BB release 3.0.4 with PP #06 may cause performance degradation of up to 3%. Release 3.0.5 coming out on November 30th 2006 includes all PP #06 protocols and is expected to match the performance of release 3.0.4. For SCE deployments where performance sizing is tight, it might be best to wait for the release of SCA BB 3.0.5.

DSS Content



The SUS script contains no DSS based signatures and is only provided to expose the new signature IDs to the application

http://www.cisco.com/application/pdf/en/us/guest/products/ps6135/c1178/ccmigration_09186a008073c552.pdf�



60 OL-8483-15






TVAnts 109 TV-video streaming MMS Streaming

FreeNet 107 P2P File share DirectConnect P2P

Primus/Lingo 108 VoiP SIP SIP

DHT 106 Distributed tracker used in p2p applications

DirectConnect P2P

EmuleEncrypted 105 encrypted emule protocol eDonkey P2P

Installation Installation of the SCA BB 3.0.4 Protocol Pack #06 involves a replacement of the SCE platform application. This is done automatically as part of the SPQI installation using hitless upgrade mechanism. For more detailed information see SCA BB 3.0.4 Release Notes

For further information regarding the installation or distribution process, please use the Cisco SCA BB Protocol Signatures Distribution User Guide Supplement, which is available on CCO at the same directory as the current document

http://www.cisco.com/application/pdf/en/us/guest/products/ps6135/c1178/ccmigration_09186a008073c552.pdf�



OL-8483-15

61





Upgrading release 2.5.10 or 3.0.3 with Protocol Pack #05 in a network where the newly supported protocols are relatively common has little performance impact (±1%). In a network where the majority of the newly supported protocols are not common, performance might drop by up to 2%, depending on the traffic mix and control policy.


Installation — SCA BB 2.5.10 Protocol Pack #05 Installation — SCA BB 3.0.3 Protocol Pack #05






Shoutcast – Audio Streaming protocol

ICQ – IM with file transfer protocol

CU-SeeMe – IM & Video conference protocol is partially supported

Rodi – P2P File sharing protocol



62 OL-8483-15

GoogleEarth – Streaming protocol

Hopster - Private net protocol

Jabber - IM open protocol

AntsP2P - P2P File sharing protocol

Sling - TV broadcast protocol


Share:

new signatures for 2ex added (CSCse06602)

new signatures for NT5 UDP added (CSCsc96277)

BitTorrent:

“.torrent” pattern removed (CSCse51968)

added tunable to disable/enable BT networking signature to work around misclassification of other protocols (like metastock) that are using DHT (CSCse67418)

Gnutella – Foxy and mxie Gnutella user-agent added (CSCse39295)

Warez – update signature to fix HTTPS and Telnet traffic misclassification (CSCse25538 and CSCse30568)

Manolito - update signature to fix Mosa VoIP traffic misclassification (CSCsd66745)

FTP – update signature to fix FTP sessions not bundled properly (CSCsd74132)

Skype – update signature to fix CounterStrike misclassification as Skype (CSCse10448)





ICQ – Voice/Video conferencing, gaming, and multi-chat are not supported

CU-SeeMe – RTP flows are not supported

http://cdets.cisco.com/apps/goto?identifier=CSCse67418�




OL-8483-15

63

DSS Content


The SCA BB 2.5.10 Protocol Pack 05 includes the following legacy DSS based signatures:

The SUS script is empty.

The SUSAP script contains the following DSS based signatures for Korean protocols:

Kuro

Guruguru

V-share

Soribada






HTTP Streaming 18 Shoutcast added to HTTP Streaming

ICQ 72 Version 5.1 Yahoo Messenger IM

SIP 10 ICQ VoIP added and Mapped to SIP

CU-SeeMe 74 Version 7.0.59.1 Yahoo Messenger IM

Rodi 80 Version 0.3.60 Direct Connect P2P

GoogleEarth 73 Client version: 3.0.0762

Hopster 76 Release 17 HTTP Tunnel Tunneling

Jabber 75 Yahoo Messenger IM

AntsP2P 78 Version beta1.5.6 b 0.9.3 Direct Connect P2P

Sling 79 SlingPlayer 1.0.5.140 MMS Streaming

Share 9 Share NT5 and EX2



64 OL-8483-15


Manual configuration The manual configuration should be performed after the PP installation has been completed (according to the procedure described in the Cisco SCA BB User Guide)









OL-8483-15

65







66 OL-8483-15






Shoutcast – Audio Streaming protocol

ICQ – IM with file transfer & Voice/Video conferencing protocol

CU-SeeMe – IM & Video conference protocol

Rodi – P2P File sharing protocol

GoogleEarth – Streaming protocol

Hopster - Private net protocol

Jabber - IM open protocol

AntsP2P - P2P File sharing protocol

Sling - TV broadcast protocol

STUN - Simple Traversal of UDP through NATs protocol


Share:

new signatures for 2ex added (CSCse06602)

new signatures for NT5 UDP added (CSCsc96277)

BitTorrent:

“.torrent “ pattern removed (CSCse51968)

added tunable to disable/enable BT networking signature to work around misclassification of other protocols (like metastock) that are using DHT (CSCse67418)




OL-8483-15

67

Gnutella – Foxy and mxie Gnutella user-agent added (CSCse39295)

Warez – update signature to fix HTTPS and Telnet traffic misclassification (CSCse25538 and CSCse30568)

Manolito - update signature to fix 'Mosa' VoIP traffic misclassification (CSCsd66745)

FTP – update signature to fix FTP sessions not bundled properly (CSCsd74132)

FileCroc - update signature to fix HTTPS misclassification as FileCroc (CSCse30568)

Skype – update signature to fix CounterStrike misclassification as Skype (CSCse10448)

Content Filtering Redirect – fix for a redirect issue found in SCA-BB 3.0.3 (CSCse72875 - Redirect does not work with Content Filtering).

The SCA BB 3.0.3 Protocol Pack #05 for SCA BB 3.0.3 includes the following spqi files:




ICQ – multi-chat is using IRC protocol and being classified as IRC

ICQ – gaming is not supported

DSS Content



The SUS script is empty in 3.0.3


Kuro

Guruguru

V-share

Soribada





68 OL-8483-15






HTTP Streaming 18 Shoutcast added and Mapped to HTTP Streaming

ICQ 119 Version 5.1 Yahoo Messenger IM

ICQ VoIP 110 SIP SIP

CU-SeeMe 117 Version 7.0.59.1 Yahoo Messenger IM

Rodi 111 Version 0.3.60 Direct connect P2P

GoogleEarth 118 Client version: 3.0.0762 HTTP HTTP

Hopster 115 Release 17 HTTP Tunnel Tunneling

Jabber 116 Yahoo Messenger IM

AntsP2P 113 Version beta1.5.6 b 0.9.3 Direct connect P2P

Sling 112 SlingPlayer 1.0.5.140 MMS Streaming

Share 9 Share NT5 and EX2

Installation Installation of the SCA BB 3.0.3 Protocol Pack #05 involves a replacement of the SCE platform application. This is done automatically as part of the SPQI installation. It should be noted that a short service downtime is expected.

Manual configuration The manual configuration should be performed after the Protocol Pack #05 installation has been completed (according to the procedure described in the Cisco SCA BB User Guide)






OL-8483-15

69



Although SCA BB 3.0.3-Protocol Pack #05 correctly classifies 'ICQ VoIP' traffic as SIP, the following additional manual configuration change is required:

Using the Advanced Options dialog of the SCA BB console, add port 5190 to the list “UDP ports for which flows should be opened on first packet”.



70 OL-8483-15




OL-8483-15

71

SCA BB Protocol Pack #04 Starting with this protocol pack, SCA BB Protocol Pack #04, protocol packs will be named by serial number, rather than by month/year.

Thus, the previous protocol packs are:

January 06 Protocol Pack - Protocol Pack #03

November 05 Protocol Pack - Protocol Pack #02

September 05 Protocol Pack - Protocol Pack #01

The SCA BB Protocol Pack #04 contains the following two protocol packs:







Note The SCA BB 2.5.9 Protocol Pack #04 can be installed ONLY on the SCA BB 2.5.9 release.


Dijjer – P2P protocol

Exosee – P2P protocol

Furthur – P2P protocol

PeerEnabler – P2P protocol

Kontiki – P2P protocol (Please note: a portion of Kontiki traffic is classified as HTTP Streaming)



72 OL-8483-15


BitTorrent – New signatures

Skype – New signatures

Winny – Improved signature intended to resolve the few false-detection cases that occurred. The old Winny1 signature was disabled and can be revived if needed.

The SCA BB 2.5.9 Protocol Pack #04 includes the following two spqi files:



DSS Content



The SUS script is empty.


Kuro

Guruguru

V-share

Soribada

Share – UDP-based signature



OL-8483-15

73




Protocol Name Protocol ID Comment

Dijjer 74 1.0b build 117

Exosee 76 0.99.022

Peerenabler 78 1.26-0

Furthur 75 1.7.5Beta

Kontiki 77 Kontiki Delivery Manager 4.03.50401.0 / AOL Hi-Q Video - Delivery Manager 4.20 (4.20.51004.0)

Skype 25 Ver 2.0.0.97

BitTorrent 24 Azureus 2.4.0.0 / Utorrent 1.5 / BitComet 0.63

Installation

Installation of the SCA BB 2.5.9 Protocol Pack #04 involves a replacement of the SCE application. This is done automatically as part of the SPQI installation. It should be noted that some service downtime is expected, similar to that of an SCE platform application upgrade. This is due to the closing of all active flow contexts and reclassification of all traffic with the new version.

For further information regarding the installation or distribution process, please use the SCA BB Protocol Signatures Distribution User Guide Supplement, which is available on CCO at the same directory as the current document.



74 OL-8483-15


Prerequisites The January SCA BB 3.0.1 Protocol Pack #04 can be installed on an SCE 1000 or SCE 2000 platform on which SCA BB 3.0.1 has already been installed.


Note The SCA BB 3.0.1 Protocol Pack #04 can be installed ONLY on the SCA BB 3.0.1 release.


Dijjer – P2P protocol

Exosee – P2P protocol

Furthur – P2P protocol

PeerEnabler – P2P protocol

Kontiki – P2P protocol (Please note: a portion of Kontiki traffic is classified as HTTP Streaming)


BitTorrent – New signatures


Winny – Improved signature intended to resolve the few false-detection cases that occurred. The old Winny1 signature was disabled and can be revived if needed.

The SCA BB 3.0.1 Protocol Pack #04 includes the following spqi files:

SCABB_301PP04_SUSAP.spqi: designated for the Asia Pacific region.




OL-8483-15

75

DSS Content




The SUSAP script contains the following DSS based signatures for Korean protocols

Kuro

Guruguru

V-share

Soribada

Share





Dijjer 120 1.0b build 117

Exosee 121 0.99.022

Peerenabler 122 1.26-0

Furthur 123 1.7.5Beta

Kontiki 124 Kontiki Delivery Manager 4.03.50401.0 / AOL Hi-Q Video - Delivery Manager 4.20 (4.20.51004.0)

Skype 25 Ver 2.0.0.97

BitTorrent 24 Azureus 2.4.0.0 / Utorrent 1.5 / BitComet 0.63

Installation

Installation of the SCA BB 3.0.1 Protocol Pack #04 involves a replacement of the SCE application. This is done automatically as part of the SPQI installation. It should be noted that some service downtime is expected, similar to that of an SCE platform application upgrade. This is due to the closing of all active flow contexts and reclassification of all traffic with the new version.


76 OL-8483-15


January 2006 Protocol Pack (Protocol Pack #03)


OL-8483-15

77

January 2006 Protocol Pack (Protocol Pack #03) The January 2006 Protocol Pack contains the following two protocol packs:

January 2006 2.5.8 Protocol Pack




Prerequisites The January 2006 2.5.8 Protocol Pack for SCA BB 2.5.8 can be installed on an SCE 1000 or SCE 2000 platform on which SCA BB 2.5.8 has already been installed.

What's new in the January 2006 2.5.8 Protocol Pack

Note The January 2006 2.5.8 Protocol Pack for SCA BB 2.5.8 can be installed ONLY on the SCA BB 2.5.8 release.


HTTP Tunnel – Tunneling protocol over HTTP



PPLive – New TCP signature

The January 2006 2.5.8 Protocol Pack for SCA BB 2.5.8 includes the following two spqi files:





78 OL-8483-15

DSS Content


The January 2006 2.5.8 Protocol Pack includes the following legacy DSS based signatures:

The SUS script contains two protocols:

Suspected http

Other Gnutella

The SUSAP script contains the following DSS based signatures for Korean protocols, in addition to the protocols in the SUS script:

Kuro

Guruguru

V-share

Soribada



The January 2006 2.5.8 Protocol Pack includes the following new/enhanced interfaces:

New/Enhanced Protocols in SCA BB 2.5.8 Protocol Pack Protocol Name Protocol ID Comment

HTTP Tunnel 80

Skype 25 Version 1.4.0.84

PPLive 44 Version 1.1.0.0

Installation

Installation of the January 2006 2.5.8 Protocol Pack involves a replacement of the SCE application. This is done automatically as part of the SPQI installation. It should be noted that some service downtime is expected, similar to that of an SCE platform application upgrade. This is due to the closing of all active flow contexts and reclassification of all traffic with the new version.



OL-8483-15

79



Prerequisites The January 2006 3.0.0 Protocol Pack for SCA BB 3.0.0 can be installed on an SCE 1000 or SCE 2000 platform on which SCA BB 3.0.0 has already been installed.

What's new in the January 2006 3.0.0 Protocol Pack

Note The January 2006 3.0.0 Protocol Pack for SCA BB 3.0.0 can be installed ONLY on the SCA BB 3.0.0 release.


BaiBao – Chinese P2P protocol

HTTP Tunnel – Tunneling protocol over HTTP

NTP – Network time protocols

Poco – Chinese P2P protocol

PPLive – Chinese P2P TV sharing protocol

PPStream – Chinese P2P TV sharing protocol

SSDP – Simple service discovery protocol

Thunder – Download accelerator

QQ – Chinese instant messenger

UC - Chinese instant messenger


Bearshare – New UDP signature


This Protocol Pack includes the following bug fixes over SCA BB 3.0.0:

NTP misclassification as eDonkey and Manolito



80 OL-8483-15

Improved lately marks mechanism

The January 2006 3.0.0 Protocol Pack for SCA BB 3.0.0 includes the following spqi file:

SCABB_300PP0601_SUS.spqi: designated for all regions other than the Asia Pacific.

DSS Content


The January 2006 3.0.0 Protocol Pack includes the following legacy DSS based signatures:


Please note that the January 2006 3.0.0 Protocol Pack does not support the following protocols:

Kuro

Guruguru

V-share

Soribada


The January 2006 3.0.0 Protocol Pack includes the following new/enhanced interfaces:



OL-8483-15

81

New/Enhanced Protocols in SCA BB 3.0.0 Protocol Pack


BaiBao 88 Version 1.31

Gnutella 11 Bearshare 5.1, iMash 5.5, limewire 4.9, morpheus 5, shareaza 2.2

HTTP Tunnel 89

NTP_Sig 86 Version 3

Poco 82 2005 build 0403


PPStream 81 Version 1.0.0.98

Skype 25 Version 1.4.0.84

SSDP 80 Version 1.0

Thunder 85 Version 5.0.3.86

QQ 87 2005 beta version 3

UC 84 2005 beta version 3

Installation

Installation of the January 2006 3.0.0 Protocol Pack involves a replacement of the SCE application. This is done automatically as part of the SPQI installation. It should be noted that some service downtime is expected, similar to that of an SCE platform application upgrade. This is due to the closing of all active flow contexts and reclassification of all traffic with the new version.


November 2005 Protocol Pack (Protocol Pack #02)


82 OL-8483-15


Prerequisites The November 2005 Protocol Pack for 2.5.7 can be installed on an SCE 1000 or SCE 2000 on which either one of the following software versions has already installed:

SCA BB 2.5.7

SCA BB 2.5.7 with September 2005 Protocol Pack

What's new in the November 2005 Protocol Pack

Note The November 2005 Protocol Pack can be installed ONLY on the SCA BB 2.5.7 release, with or without the previous Protocol Pack.

This Protocol Pack includes support for the following new protocols:

NTP – Network time protocols

Poco – Chinese P2P protocol

PPStream – Chinese P2P TV sharing protocol

SSDP – Simple service discovery protocol

Thunder – Download accelerator

QQ – Chinese instant messenger

UC - Chinese instant messenger

This Protocol Pack includes updates for the following protocols:

Bearshare – New UDP signature

BitTorrent – BitComet client unique signature

PPLive – New TCP signature

This Protocol Pack includes the following bug fixes:

NTP misclassification as eDonkey and Manolito



OL-8483-15

83

SIP does not recognize Yahoo VOIP

Improved handling of dormant BitTorrent flows

The November Protocol Pack includes the following two zip files:



DSS Content


The November Protocol Pack includes the following legacy DSS based signatures:

The SUS script contains two protocols:

Suspected http

Other Gnutella

The SUSAP script contains the following DSS based signatures for Korean protocols, in addition to the protocols in the SUS script:

Kuro

Guruguru

V-share

Soribada




84 OL-8483-15


The November Protocol Pack includes the following new/enhanced interfaces:

New/Enhanced Protocols Protocol Name Protocol ID Comment

BitTorrent 24 BitTorrent 4.1.4, Bitcomet 0.6, Azureuz 2.3.0.4, eXeem 0.27

eDonkey 18 eDonkey2000 1.1, eMule 0.46c

Gnutella 11 Bearshare 5.1, iMash 5.5, limewire 4.9, morpheus 5, shareaza 2.2

Manolito 22 Blubster 2.5, Piolet 1.05

NTP 86 Version 3

Poco 83 2005 build 0403

PPStream 84 Version 1.0.0.98

SIP 23 Version 2.0

SSDP 85 Version 1.0

Thunder 87 Version 5.0.3.86

QQ 88 2005 beta version 3

UC 89 2005 beta version 3

Enhanced Protocols from Previous Protocol Pack Release Protocol Name Protocol ID Comment

BaiBao 80 Version 1.3.1


DNS 82 RFC 1035

Installation

Installation of the November 2005 Protocol Pack involves a replacement of the SCE application. This is done automatically as part of the SPQI installation. It should be noted that some service downtime is expected, similar to that of an SCE platform application upgrade. This is due to the closing of all active flow contexts and reclassification of all traffic with the new version.

For further information regarding the installation or distribution process, please use the SCA BB Protocol Signatures Distribution - User Guide Supplement, which is available on CCO at the same directory as the current document.

September 2005 Protocol Pack (Protocol Pack #01)


OL-8483-15

85

September 2005 Protocol Pack (Protocol Pack #01)

What's new in the September 2005 Protocol Pack The September 2005 Protocol pack is relevant for the SCA BB 2.5.7 release.

This Protocol Pack includes support for the following protocols:

BaiBao – A P2P protocol that is widely used in China

PPLive – An application for TV broadcasting using P2P technology

Azarus BitTorrent client – A BitTorrent client that runs over UDP

Bitcomet BitTorrent client – A BitTorrent client that runs over UDP

Fix for the issue of classification of DHCP traffic as Manolito

DNS – The Domain Name Service protocol

Obtaining Documentation and Submitting a Service Request


86 OL-8483-15

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.

CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0807R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental

Copyright © 2008 Cisco Systems, Inc. All rights reserved.

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html�

Protocol Pack Notes

Documents

Transcript of Protocol Pack Notes